How to Increase or Decrease Session Timeout in Your ASP.NET Application

In this article, I will give you a step by step guide on how to set, increase or decrease session timeout for your ASP Application.

1. To set the session timeout for your application we will use the timeout attribute. The timeout attribute indicates the time (minutes) that the user will stay logged in into your application. To set the time, we will edit the web.config file your application.

2. Open web.config and look for this tag:

<authentication mode=”Forms”>

3. Now, we are going to add the timeout parameter. We will set it for 600 minutes:

4. In the image above, the user will stay logged in for 600 minutes until he decides to sign out. If you need to either decrease or increase, you just need to change the time (600) you don’t have to declare the tag again.

By default, ASP.NET stores the authentication token, using a cookie. If you have previously logged in, ASP.NET will read this cookie and check if the session is still active .

We strongly recommend setting the session timeout to a short time for greater control and security of your ASP application.

2 Comments on How to Increase or Decrease Session Timeout in Your ASP.NET Application

One thing to keep in mind is that there is an Idle timeout setting associated with the Application Pool. If you have a limited activity website and want your users to have a 600 minute session timeout (per the example), you may need to increase the idle timeout in the application pool (default of 20 minutes) or you can create a scheduled task to hit your site every X number of minutes to keep the application pool alive.